There are more than 1 billion Internet users worldwide, more than 3.5 billion mobile subscribers of which over 70% use their mobile phones for purposes other than voice, and all have at least once communicated personal data (whether email, name, date of birth, address, phone number, etc. . . . ) to companies (Service Providers, eCommerce sites, Banks, Mobile Operators, . . . ) and/or authorized, with or without their knowledge, the use of these data.
The services offered on Internet/mobile requiring authentication are becoming more and more numerous and varied (email, social networking sites, online shopping, auctions, banks, brands, etc. . . . ). Individuals often provide personal information without ever reading the usage contract associated with its use; receive email or SMS from those companies or other companies to which they have never communicated their personal data; are often in the middle, without their consent or without being fully aware, of multiple cross databases concerning their personal data and/or behavior allowing a better targeting; and sometimes use several email addresses to prevent “pollution/spam” but also multiple passwords which gradually leads to confusion but does not necessarily adequately respond to the challenges of visibility and transparency.
In addition, other systems such as Cookies, can be installed without individuals being really aware, which can collect personal information about the individuals.
One or more of these factors can mean that individuals cannot control having made available their personal data; they can forget their login and/or password; they are no longer in control of their own data; and, by the technical level of the terminologies commonly used, have only a vague idea of what is really going on, including fusion (crossing) of personal data files, analysis of their Internet behavior, and sharing of their personal data between companies. National and/or International authorities, among them, fall into this game with a desire to protect the individual, which is laudable, but can result in restrictions often not understood by individuals, not broadly applicable while the Internet is global, and which could have a negative impact on a booming eco system (Internet and Mobile).
The protection of privacy is a global issue that worries both individuals and the authorities. For example, the media coverage on the subject is increasing significantly, driven by Google and Facebook cases. This privacy concern is weighed in light of the value added services that a user is getting. Internet and Mobile phones offer lots of opportunities, some of which are unused or unusable at the moment, to meet the needs of individuals and thus provide the service(s) they want, provided that the relationship between the supplier and the individual is transparent and well understood. However, if nothing is done to make sure that individuals are informed and confident, then the Internet and more certainly the Mobile may not deliver all their promises and instead could be viewed as invaders of privacy and therefore individual freedom.
Today, in this context where the Internet and mobile phone multiply the opportunities to connect and where the engagement becomes a key element of the relationship between Individuals and Brands, the individual may want to be the center and especially the master, with full responsibility, whatever the means.
There are quite a few initiatives which have taken place in terms of protecting privacy, started by Governments and Authorities which have and are still very active in putting in place Laws, Regulations and rules in order to guarantee the Consumer and his personal data. Also, organizations such as Network Advertising Initiative (www.networkadvertising.org) or Truste (www.truste.com) have put in place some mechanisms either to be able to inform the consumer either to help companies to setup the right Privacy policies corresponding to the consumer's interest. However, those initiatives, even they are going into the right direction, didn't prevent privacy concerns from emerging significantly over years as they are primarily company-focused rather than consumer-focused.
FTC, EU Commission, ICO in the UK, German Federal Data protection Act, CNIL in France, AEPD in Spain, IPC in Canada, etc. are involved in defining rules on personal data protection. Also, US and EU have launched in Q1 2010 a new consultation (http://ec.europa.eu/justice_home/news/consulting_public/news_consulting_0005_en.htm) that aims to have a common International approach. At the end of the 31st International Conference of Data Protection and Privacy Commissioners, which took place in Madrid in November 2009, data protection authorities from over 50 countries approve the “Madrid Resolution” on international privacy standards which constitutes the basis for the drawing up of a future universally binding Agreement.
The speed at which the digital environment has moved in the last 4 years, plus the new possibilities emerging with Mobile phones, plus the Globalization which is inherent to the Internet, plus the size of this e-Economy, makes it very difficult to legislate or regulate to prevent such or such usage of personal data. Some of those authorities and certainly Ann Cavoukian, from Canada IPC, are proposing to shift and to reboot the system as it has been defined in order to address the new landscape (see, e.g., http://www.ipc.on.ca/english/Home-Page/).